IN THE ABSTRACT 
The title on the abstract page has been amended as follows: 
SECURE, EASY AND/OR IRREVERSIBLE CUSTOMIZATION OF CRYPTOGRAPHIC 
DEVICE 



REMARKS 

Claims 1-17 were pending. Claims 1, 4, 6, 14, 15 and 17 
have been amended. Claims 18-20 have been added. Allowance of 
Claims 1-20 is requested. If the Examiner wishes to discuss any 
aspect of this application, the Examiner is invited to telephone 
Applicants' undersigned attorney at (408) 945-9912. 



I hereby certify that this correspondence is being 
deposited with the United States Postal Service as 
first class mail in an envelope addressed to: 
Assistant Commissioner for Patents, Washington, 
D.C. 20231, on February 15, 2002 , 



Respectfully submitted, 



David R. Graham 
Reg. No. 36,150 
Attorney for Applicants 



Version with Markings to Show Changes Made 
(Additions are underlined, deletions are enclosed in brackets) 



In the specification: 

The title has been amended as follows: [CUSTOMIZABLE 
CRYPTOGRAPHIC DEVICE] SECURE , EASY AND/OR IRREVERSIBLE 
CUSTOMIZATION OF CRYPTOGRAPHIC DEVICE 

The paragraph beginning at page 4 , line 29 has been amended 
as follows: 

For example, in one embodiment of the invention, a computer 
readable storage medium includes stored thereon: i) a first set 
of code (i.e., instructions and/or data) used to perform one or 
more [sub operations] sub-operations (which can be, for example, 
one or more mathematical primitive operations); ii) a second set 
of code, distinct from the first set of code, used to perform one 
or more cryptographic operations, the second set of code 
including one or more instructions that cause performance of 
instructions and/or use of data from the first set of code so 
that the one or more sub-operations are performed; and iii) a 
third set of code for allowing and mediating access to the first 
set of code from a device external to a device of which the 
computer readable storage medium is part. The computer readable 
storage medium can be a data storage device or devices that, 
together with a processor, can be embodied in a cryptographic 
device to flexibly provide cryptographic operations in the 
cryptographic device. 



The paragraphoeginning at page 5, line 1^nas been amended 
as follows: 

This embodiment of the invention enables easy and secure 
modification (expansion, reduction or changing) of [the] 
application code via the exposure of, for example, the 
mathematical primitive operations available on a particular 
cryptographic device. In particular, this embodiment of the 
invention enables modification of available cryptographic 
operations at a relatively high level of programming abstraction, 
thus enabling such modification to be accomplished relatively 
easily. Further, this embodiment of the invention enables the 
modification to be accomplished in a manner that does not 
necessitate or allow access by the application developer to other 
operations of the cryptographic device, thus providing security 
for the proprietary code and/or cryptographic keys of other 
persons or entities that may be present on the cryptographic 
device. Additionally, this embodiment of the invention can allow 
storage of a part of the code for the cryptographic operations 
that need never change in a small and unmodifiable storage device 
(ROM), while a part of the code of the cryptographic operations 
that it may desired to change is stored in a larger and 
modifiable storage device (EEPROM), thus retaining the capability 
of modifying the cryptographic operations present on a 
cryptographic device, while minimizing or eliminating any 
limitation on the number and/or complexity of the cryptographic 
operations that can be provided in the cryptographic device. 




The paragraph beginning at page 8, line 2 nas been amended 
as follows: 

FIG. 4 is a block diagram of the functional components of a 
cryptographic device 400 according to an embodiment of the 
invention. The block 401 (hereinafter sometimes referred to as 
"the mathematical primitives storage area") represents 
instructions and/or data ("code") that enables the performance of 
one or more mathematical primitive operations. The block 402 
(hereinafter sometimes referred to as "the cryptographic 
operations storage area") represents code that [enable] enables 
the performance of one or more cryptographic operations. In 
general, the block 402 does not include code that enables the 
performance of mathematical primitive operations. The block 403 
(hereinafter sometimes referred to as "the cryptographic 
characteristic table") represents data ("access permission data") 
that specifies cryptographic characteristics in accordance with 
which one or more of the mathematical primitive operations or 
cryptographic operations are performed. The block 404 represents 
code (hereinafter sometimes referred to as "the access allowance 
verifier") that, using the access permission data, controls 
access by a user to the mathematical primitive operations and 
cryptographic operations. Finally, the block 405 represents code 
(hereinafter sometimes referred to as "the key manager") for 
storing and accessing cryptographic keys and certificates. 



The paragrapl^Deginning at page 8, line 2^has been amended 
as follows: 

In general, requests by application code 406 for performance 
of cryptographic operations are received by the access allowance 
verifier 404 from the application code interface 407 . Each 
request is evaluated by the access allowance verifier 404 to 
ensure that the request is allowable. Whether a request is 
allowable is evaluated by comparing the cryptographic 
characteristics associated with the request to the availability 
of such cryptographic characteristics, as indicated by the access 
permission data stored in the cryptographic characteristic 
table 403. If the request is allowable, then cryptographic 
operations are performed in accordance with the request, as 
described further below. 



The paragraph beginning at page 10, line 10 has been amended 
as follows: 

Preferably, the access permission data of the cryptographic 
characteristic table 403 are stored in a programmable read-only 
memory (PR0M)[, e.g., the PROM 404 of the computational 
device 400 (FIG. 4)]. The use of such a data storage device 
enables flexibility in establishing the access permission data 
(i.e., the availability of cryptographic characteristics) of a 
cryptographic device, since the access permission data can be 
established at device fulfillment (see FIG. 1). Thus, a single 
mass-produced type of cryptographic device can be tailored to 
meet cryptographic needs for many different applications. 
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Further, the use or such a data storage device enables permanency 
- and, therefore, security - in establishing the access 
permission data of a cryptographic device, since once the access 
permission data are established, the access permission data 
cannot be changed. Thus, a single mass-produced type of 
cryptographic device can be tailored to satisfy domestic demand 
for robust cryptographic capabilities or to conform to export 
regulations dictating somewhat less robust cryptographic 
capabilities, while, in the latter case, providing confidence 
that the limitations on the cryptographic capabilities cannot be 
circumvented once the cryptographic device has been exported to a 
user . 

The paragraph beginning at page 16, line 13 has been amended 

f|| as follows: 

M. 

ijl The cryptographic operations storage area 402 can include 

E3 

p-i any desired cryptographic operations. For example, the 

cryptographic operations included in the cryptographic operations 
storage area 402 can include, but are not limited to, the 
following operations: RSA encrypt, RSA decrypt, DSA sign, DSA 
verify, 3-key triple DES, Dif f ie-Hellman and elliptic curve. 
However, it is emphasized that any other cryptographic 
operations, including, in particular, cryptographic operations 
that are developed in the future, can be included in the 
cryptographic operations storage area 402. It is an important 
aspect of the invention that any cryptographic operation can be 
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easily implemente^in a cryptographic device according to the 
invention. 



In the claims: 

Claims 1 , 4, 6, 14, 15 and 17 have been amended as follows: 
\ . (Amended) A cryptographic device, comprising: 

\ means for performing one or more cryptographic 
operations; and 

aNiata storage device or devices for storing access 
permission data representing [an] the availability of one or 
more cryptographic characteristics in accordance with which 
one or more oK the cryptographic operations are performed, 
wherein all of the access permission data of the 
cryptographic devAe is stored in the data storage device or 
devices such that once a value or values of the access 
permission data are stored in the data storage device or 
devices , the value or vaPues of the access permission data 
cannot be changed- \ 

4. (Amended) A computer readable storage medium encoded 
with instructions and/or data, comprising: 

instructions and/or data for performing one or more 
cryptographic operations; and \ 

[on which] access permission data [Sis] stored in 
accordance with a predefined data structure, the access 
permission data representing an availability^ of one or more 
cryptographic characteristics in accordance wrth which one 



l^^yptographic operations ar^( 



or more [of l^Tryptographic operations ar^^erf ormed by a 
cryptographic device, wherein all of the access permission 
data is stored in the storage medium such that once a value 
or values of the access permission data are stored [on] in 
the storage medium, the value or values of the access 
permission data cannot be changed. 



6. (Amended) A cryptographic device, comprising: 

a processor for executing instructions and/or accessing 
data to perform one or more cryptographic operations that 
each necessitate the performance of one or more sub- 
operations; [and] 

one or more data storage devices for storing a first 
set of instructions and/or data used to perform one or more 
sub-operations of a cryptographic operation, and a second 
set of instructions and/or data, distinct from the first set 
of instructions and/or data, used to perform the one or more 
cryptographic operations, wherein the second set of 
instructions and/or data includes one or more instructions 
that cause performance of instructions and/or access of data 
from the first set of instructions and/or data so that one 
or more of the sub-operations are performed; and 

means for allowing access to the first set of 
instructions and/or data from a device external to the 
cryptographic device. 
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A computer readable stor^^ 



14. (Amendecn A computer readable storage medium encoded 
with one or more computer programs for enabling performance of 
cryptographic operations, comprising: 

a first set of instructions and/or data used to perform 
one or more [sub-primitive operations] sub-operations of a 
cryptographic operation ; [and] 

a second set of instructions and/or data, distinct from 
the first set of instructions and/or data, used to perform 
the one or more cryptographic operations, wherein the second 
set of instructions and/or data includes one or more 
instructions that cause performance of instructions and/or 
access of data from the first set of instructions and/or 
data so that one or more of the [sub-sub-operations] sub- 
operations are performed; and 



Fll a third set of instructions and/or data for allowing 

If! [and mediating] access to the first set of instructions 

o 

jy and/or data from a device external to a cryptographic device 

of which the computer readable storage medium is part. 



15. (Amended) A [cryptographic device] computer readable 
storage medium as in Claim 14, wherein the one or more sub- 
operations comprise one or more mathematical primitive 
operations. 
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17. (Amended) A computer readable storage medium as in 
Claim [13] 1_4, wherein the cryptographic operations include one 
or more of the following: RSA encrypt, RSA decrypt, DSA sign, 
DSA verify, Dif f ie-Hellman and elliptic curve. 



Claims 18-20 have been added as follows: 

18. (New) A computer readable storage medium as in Claim 4, 
further comprising a programmable read-only memory for storing 
the access permission data. 



19. (New) A cryptographic device as in Claim 6, further 
comprising means for controlling access to the first and second 
sets of instructions and/or data, wherein: 

the means for controlling access to the first and 

second set of instructions and/or data comprises the means 

for allowing access to the first set of instructions and/or 

data; and 

the means for allowing access to the first set of 
instructions and/or data does not enable access to the 
second set of instructions and/or data. 



20. (New) A computer readable storage medium as in 
Claim 14, further comprising a fourth set of instructions and/or 
data for controlling access to the first and second sets of 
instructions and/or data, wherein: 

the fourth set of instructions and/or data comprises 

the third set of instructions and/or data; and 



the third set of instructions and/oi^lata does not 
enable access to the second set of instructions and/or data. 



the abstract: 

The abstract has been amended as follows: 

[CUSTOMIZABLE CRYPTOGRAPHIC DEVICE] SECURE, EASY AND/OR 
IRREVERSIBLE CUSTOMIZATION OF CRYPTOGRAPHIC DEVICE 



